Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa
File:                     64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa (raw, json)
Hash identifier:          QrIlhI8AFtAmm7Z2hPSC8azzGwAM2z/DoOgnBSojXag=
Subject key identifier:   96:4A:FB:06:E1:B9:FE:98:A0:C5:D6:44:3C:DF:48:0E:F7:47:04:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40AC17C9D35096E5AB4A20681F9B953130B626C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa
Signing time:             Wed 12 Nov 2025 01:40:53 +0000
ROA not before:           Wed 12 Nov 2025 01:40:53 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.96.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ac:17:c9:d3:50:96:e5:ab:4a:20:68:1f:9b:95:31:30:b6:26:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:40:53 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=e34f49ae78f26730e296f897c0153aeb9b14399f569f4bd1df4422f6b18296bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9c:50:16:d4:9d:c8:d3:43:96:3c:e2:33:1c:
                    6e:4f:43:4d:20:f8:e9:81:ef:cb:26:ca:f2:8e:46:
                    6d:a3:2b:3e:0e:ba:2d:ae:e5:9c:12:2f:7a:e6:b0:
                    dd:e3:e0:7e:c3:79:cb:fc:4f:45:5b:fc:07:92:43:
                    01:fa:a1:04:00:38:e0:f7:82:95:8b:77:48:a4:0e:
                    e3:1b:37:e7:d8:49:7e:0f:02:8b:db:c9:da:98:46:
                    d1:de:bc:3e:a9:77:8d:7f:22:e1:37:05:07:ec:c0:
                    c7:c7:5a:f4:e7:f6:cb:6f:47:d0:72:2c:db:e4:a9:
                    29:aa:06:33:d1:fd:f8:1f:d0:4a:6b:a8:be:e7:7d:
                    cf:c3:b9:df:6f:31:b7:66:6b:33:f2:8a:d2:13:53:
                    8a:2c:2d:4d:dd:0b:8f:2d:ba:89:cf:0b:84:49:22:
                    95:c4:8d:aa:cb:8b:c9:48:b3:36:85:e0:b5:1e:00:
                    df:f6:98:db:1d:13:83:45:73:7a:9a:76:e7:bf:54:
                    17:97:f0:50:c9:49:ce:4a:b2:cf:e5:9a:8e:09:dd:
                    dd:5d:a0:38:e1:03:ec:92:6a:58:5b:be:c8:bb:d3:
                    f6:06:b4:61:d9:ec:54:c1:d1:84:a5:ba:80:af:9e:
                    b4:8d:30:d5:72:2f:b9:ab:f8:81:6b:1f:2d:36:02:
                    f4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:4A:FB:06:E1:B9:FE:98:A0:C5:D6:44:3C:DF:48:0E:F7:47:04:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         68:1f:f2:0d:88:9f:a7:6e:c8:a6:28:d9:d5:9a:0d:e5:29:d4:
         11:e2:91:d8:bb:d8:73:1b:21:e3:6e:14:4f:46:54:e0:50:4f:
         8d:5c:cc:e9:b4:96:52:64:78:49:42:e7:f2:41:20:50:b7:f7:
         b5:83:cd:9d:fd:ef:41:8b:23:ad:de:7e:c1:cf:5a:87:0d:73:
         eb:c8:bc:40:65:94:88:eb:d5:18:1d:4e:3a:19:0b:b1:61:7c:
         3e:da:f6:9a:73:13:8a:af:cb:1a:07:6e:d9:a3:e2:a5:70:de:
         f4:b2:4e:1c:79:c6:51:59:f4:58:c1:3c:3e:08:d9:c7:8d:36:
         7b:fc:c2:04:d3:2f:f5:53:5c:91:15:c3:d1:7f:93:ed:fd:65:
         98:d3:f6:dd:94:13:78:7e:a7:8f:8f:ff:7e:e0:a6:f7:96:0a:
         0d:d0:e9:87:e1:b4:6e:d3:15:7d:db:ea:f0:35:ab:6e:57:1e:
         50:33:23:65:bd:5a:95:78:53:b2:ca:be:5d:68:d9:56:34:57:
         22:0e:2f:ca:40:0b:16:25:6f:20:07:bb:12:3e:3b:61:59:03:
         97:4e:37:b7:4a:3f:bc:6d:7a:b2:2d:1e:e7:43:b0:5d:e8:4e:
         33:a7:09:a9:cf:44:6f:d9:2f:2e:73:1b:e6:40:25:76:3a:1d:
         6e:84:42:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQKwXydNQluWrSiBoH5uVMTC2JsAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDE0MDUzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzRmNDlhZTc4ZjI2NzMwZTI5NmY4OTdjMDE1M2FlYjli
MTQzOTlmNTY5ZjRiZDFkZjQ0MjJmNmIxODI5NmJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvnFAW1J3I00OWPOIzHG5PQ00g+OmB78smyvKORm2jKz4O
ui2u5ZwSL3rmsN3j4H7Decv8T0Vb/AeSQwH6oQQAOOD3gpWLd0ikDuMbN+fYSX4P
AovbydqYRtHevD6pd41/IuE3BQfswMfHWvTn9stvR9ByLNvkqSmqBjPR/fgf0Epr
qL7nfc/Dud9vMbdmazPyitITU4osLU3dC48tuonPC4RJIpXEjarLi8lIszaF4LUe
AN/2mNsdE4NFc3qadue/VBeX8FDJSc5Kss/lmo4J3d1doDjhA+ySalhbvsi70/YG
tGHZ7FTB0YSluoCvnrSNMNVyL7mr+IFrHy02AvRfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlkr7BuG5/pigxdZEPN9IDvdHBM4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0Y2NhNDJkLTQwYTgtNGRjYS04NWY0LTBhYzZhMzJlNjA4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUXFmAwDQYJKoZIhvcNAQELBQADggEBAGgf8g2In6duyKYo2dWaDeUp1BHi
kdi72HMbIeNuFE9GVOBQT41czOm0llJkeElC5/JBIFC397WDzZ3970GLI63efsHP
WocNc+vIvEBllIjr1RgdTjoZC7FhfD7a9ppzE4qvyxoHbtmj4qVw3vSyThx5xlFZ
9FjBPD4I2ceNNnv8wgTTL/VTXJEVw9F/k+39ZZjT9t2UE3h+p4+P/37gpveWCg3Q
6YfhtG7TFX3b6vA1q25XHlAzI2W9WpV4U7LKvl1o2VY0VyIOL8pACxYlbyAHuxI+
O2FZA5dON7dKP7xterItHudDsF3oTjOnCanPRG/ZLy5zG+ZAJXY6HW6EQsI=
-----END CERTIFICATE-----